\section{Examples}
\label{examples}

One of the main goals for AnnoFlow is to enable developers to specify how
best to secure and protect the data in their application. While platform
as a service offerings can alleviate some concerns related to software
deployment, they can not make strong guarantees about the privacy of
their data. With AnnoFlow we hope to address some of these shortcomings,
and detail several use cases for end developers.

Consider the fictitious company Hokies, Inc. They sell widgets online and
accept credit card transactions via an e-commerce application. They host
their own servers so they can easily comply with encryption standards laid 
out by the Payment Card Industry (PCI) standard. Management decides, however,
that the application needs to be moved to a platform as a service cloud
offering. The major technical hurdle that the development team sees is the
ability to ensure encryption standards are maintained in this new environment.

Platforms with AnnoFlow enabled can make such a guarantee. First, the platform
sets up a \texttt{PersistenceFilter} at all boundary points that write to 
disk (for instance, methods that execute a sql query). The developer would tag
all credit card information with an \texttt{Encrypted} policy. When the
credit card information passes through the filter, it would be notified
that it is about to be written to disk (for instance, by the key-value pair
\{``mode'', ``persistent''\}). The \texttt{Encrypted} policy would then execute
encryption algorithm \emph{X} on the data. Thus, because the platform has
established this boundary (and because the developer trusts the platform), the
data will be encrypted and the company is in compliance with PCI standards.

Now, consider a fictitious medical facility called Hokies Hospital. They store
and manage patient data on-site. They can comply with the Health Insurance
Portability and Accountability Act (HIPAA) standards that stipulate geographic
boundaries on personally identifiable information. The board of directors has
decided that all data should be moved into the cloud to reduce the maintenance
costs. The major technical hurdle is guaranteeing that no data be passed
to other servers and specifically that none of it leave the country.

Platforms with AnnoFlow enabled can begin to make such a guarantee. First,
the platform sets up a \texttt{NetworkFilter} boundary at all places
that pass information to remote addresses. Some data is okay to be passed
to remote servers, but the hospital needs to ensure that patient data is
not transmitted to comply with HIPAA. Thus, they tag all patient data
with \texttt{SensitiveData} policies. When data is passing through the
filter on the network, it would check for objects with policies and pass
the key-value pair \{``network'', ``[ip\_addr]''\} to the policy. For
sensitive data, it would check that the destination is a whitelisted
address, otherwise it would disallow the transmission of the data. In this
way, the platform can help developers comply with HIPAA standards.

